Apache mod_negotiation is enabled

Description

Kayran has found that mod_negotiation is enabled on your Apache server.
mod_negotiation is an Apache module that is responsible for selecting, from several available documents, the one that best matches the client's set of capabilities.
If a user sends an invalid Accept header, the server will respond with a 406 error, which might contain a directory listing.

All of this can help attackers learn more about their targets.
For example, it can help an attacker find backup files, generate credentials and so on.

Recommendation

Disable the MultiViews option in Apache's configuration file and restart Apache so that the change takes effect.
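
To find where MultiViews is switched on before disabling it, the following added example (not Kayran's or the Apache project's code) scans configuration text for `Options` lines that enable it. The sample configuration and the function name `find_multiviews` are constructed for illustration; the scan does not follow `Include` directives or backslash line continuations.

```python
import re

# Constructed sample configuration for illustration (not from the page).
SAMPLE_CONF = """\
<Directory "/var/www/html">
    Options Indexes FollowSymLinks MultiViews
</Directory>
<Directory "/var/www/app">
    Options +FollowSymLinks -MultiViews
</Directory>
# Options MultiViews
<Directory "/var/www/static">
    Options All
</Directory>
<Directory "/var/www/docs">
    Options +MultiViews
</Directory>
"""

OPTIONS_RE = re.compile(r"^Options\s+(.*)$", re.IGNORECASE)

def find_multiviews(conf_text):
    """Return (line_no, enclosing_section, line) for Options lines enabling MultiViews."""
    findings = []
    sections = []  # stack of currently open <Directory>/<VirtualHost>/... headers
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        if line.startswith("</"):
            if sections:
                sections.pop()
            continue
        if line.startswith("<"):
            sections.append(line)
            continue
        match = OPTIONS_RE.match(line)
        if not match:
            continue
        tokens = {t.lower() for t in match.group(1).split()}
        # "Options All" excludes MultiViews; "-MultiViews" disables it: neither is flagged.
        if tokens & {"multiviews", "+multiviews"}:
            where = sections[-1] if sections else "(server config)"
            findings.append((line_no, where, line))
    return findings

if __name__ == "__main__":
    for line_no, where, line in find_multiviews(SAMPLE_CONF):
        print(f"line {line_no} in {where}: {line}")
```

Run the same function over the main configuration file, any included files and `.htaccess` files, then remove `MultiViews` (or set `-MultiViews`) on each reported line.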

References

https://httpd.apache.org/docs/2.4/mod/mod_negotiation.html

https://cwe.mitre.org/data/definitions/538.html
